selabel_lookup_best_match(3)  SELinux API documentation  selabel_lookup_best_match(3)

NAME

       selabel_lookup_best_match - obtain a best match SELinux security
       context - Only supported on file backend.

SYNOPSIS

       #include <selinux/selinux.h>
       #include <selinux/label.h>

       int selabel_lookup_best_match(struct selabel_handle *hnd,
                                     char **context,
                                     const char *key,
                                     const char **links,
                                     int type);

       int selabel_lookup_best_match_raw(struct selabel_handle *hnd,
                                         char **context,
                                         const char *key,
                                         const char **links,
                                         int type);

DESCRIPTION

       selabel_lookup_best_match() performs a best match lookup operation on
       the handle hnd, returning the result in the memory pointed to by
       context, which must be freed by the caller using freecon(3). The key
       parameter is a file path to check for best match using zero or more
       link (aliases) parameters. The order of precedence for best match is:

              1.  An exact match for the real path (key) or

              2.  An exact match for any of the links (aliases), or

              3.  The longest fixed prefix match.

       The type parameter is an optional file mode argument that should be set
       to the mode bits of the file, as determined by lstat(2). type may be
       zero; however, full matching may not occur.

       selabel_lookup_best_match_raw() behaves identically to
       selabel_lookup_best_match() but does not perform context translation.

RETURN VALUE

       On success, zero is returned. On error, -1 is returned and errno is
       set appropriately.

ERRORS

       ENOENT No context corresponding to the input key and type was found.

       EINVAL The key and/or type inputs are invalid, or the context being
              returned failed validation.

       ENOMEM An attempt to allocate memory failed.

NOTES

       Example usage - When a service creates a device node, it may also
       create one or more symlinks to the device node. These symlinks may be
       the only stable name for the device, e.g. if the partition is
       dynamically assigned. The file label backend supports this by looking
       up the "best match" for a device node based on its real path (key) and
       any links to it (aliases). The order of precedence for best match is
       described above.
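
       The precedence order above, worked through in an added C example that
       is not part of the original man page and is not libselinux code. It is
       a simplified model: it matches POSIX regexes from a constructed spec
       table, ignores the type argument, and assumes links is a
       NULL-terminated array; specs, stem_len, lookup_one and best_match are
       hypothetical names.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

struct spec { const char *regex; const char *context; };
/* Constructed file_contexts-style entries. Simplified model, not libselinux code. */
static const struct spec specs[] = {
    { "/dev/block(/.*)?",            "system_u:object_r:block_device_t:s0" },
    { "/dev/block/by-name/.*",       "system_u:object_r:named_device_t:s0" },
    { "/dev/block/by-name/userdata", "system_u:object_r:userdata_device_t:s0" },
};
#define NSPECS (sizeof specs / sizeof specs[0])

/* Length of the literal text before the first regex metacharacter. */
static size_t stem_len(const char *re) { return strcspn(re, ".^$?*+|[({\\"); }

/* Entry matching the whole path, or -1; last match wins (model assumption). */
static int lookup_one(const char *path)
{
    int found = -1;
    for (size_t i = 0; i < NSPECS; i++) {
        char anchored[256];
        regex_t re;
        snprintf(anchored, sizeof anchored, "^(%s)$", specs[i].regex);
        if (regcomp(&re, anchored, REG_EXTENDED | REG_NOSUB) != 0)
            continue;
        if (regexec(&re, path, 0, NULL, 0) == 0)
            found = (int)i;
        regfree(&re);
    }
    return found;
}

/* key: real path; links: NULL-terminated alias array or NULL (assumed).
 * Returns the context, or NULL where the API would report ENOENT. */
const char *best_match(const char *key, const char **links)
{
    int best = -1;
    size_t n = 0, best_len = 0;
    for (const char *p = key; p != NULL; p = links ? links[n++] : NULL) {
        int i = lookup_one(p);
        if (i < 0) continue;
        size_t plen = stem_len(specs[i].regex);
        if (specs[i].regex[plen] == '\0')
            return specs[i].context;        /* rules 1 and 2: exact match */
        if (best < 0 || plen > best_len) { best = i; best_len = plen; }
    }
    return best < 0 ? NULL : specs[best].context;   /* rule 3 */
}
```

       With key /dev/block/sda5, an alias that has its own exact entry
       decides the label; an alias that only matches a regex wins when its
       fixed prefix is longer than the one matched by the real path.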

SEE ALSO

       selabel_open(3), selabel_stats(3), selinux_set_callback(3), selinux(8),
       lstat(2), selabel_file(5)
Security Enhanced Linux           05 May 2015     selabel_lookup_best_match(3)